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DETAILED ACTION 

1 . Currently pending claims are 1 - 35. 

Continued Examination Under 37 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
12/20/2006 has been entered. 

Response to Arguments 

3. Applicant's arguments, see Remarks, filed 12/20/2006, with respect to the double 
patenting rejection have been fully considered in view of the Terminal Disclaimer filed 
10/20/2006. The Terminal Disclaimer has been made in record and the double 
patenting rejection has been withdrawn. 

4. Applicant's arguments with respect to the subject matter of the instant claims 
have been fully considered but are not persuasive. 

5. As per claim 1 , 30, 32 and 34, Applicant asserts Grootwassink does not teach (a) 
the second service access service provider (b) selectively granting the client access 
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device access to the network based upon the client device configuration data, and (c) 
receiving an indication about whether the client access device is granted access to the 
network, the indication originating from the second service access provider. Examiner 
disagrees with the following rationale listed respectively as follows. 

(a) a HLR is qualified as a second service access provider while a VLR as a first 
service access provider (Grootwassink: Column 2 Line 33 - 46). 

(b) selectively granting the client access device access to the network based 
upon the client device configuration data (Grootwassink: Column 5 Line 35-47, 
Column 2 Line 63 - 67 / Line 48 - 62 and Column 5 Line 3-10: Examiner notes the 
broadest and reasonable claim interpretations are made, according to MPEP 21 1 1, 
such that a registration information is interpreted as a part of the device configuration 
data). 

(c) receiving an indication about whether the client access device is granted 
access to the network, the indication originating from the second service access 
provider (Grootwassink: Column 2 Line 63 - 67: the indication originating from the HLR 
(i.e. the second service access provider)). 

6. As per claim 16, Applicant asserts Grootwassink does not teach "a second 
service access service provider to receive the authentication information and the 
configuration data from the first service access service provider". Examiner disagrees 
because a VLR (i.e. the first service access service provider) can query a HLR (i.e. the 
second service access service provider) by passing the authentication information and 
the configuration data associated with the client device to the HLR for validation 
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purpose (Grootwassink: Column 2 Line 63 - 67, Column 3 Line 2-4 and Column 5 
Line 35 - 47: the grant indication originating from the HLR (i.e. the second service 
access provider) and accessing the network via the VLR of the local network). 



Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

7. Claims 30 - 31 and 34 - 35 are rejected under 35 U.S.C. 101 because the 
claimed invention is directed to non-statutory subject matter where "A computer 
readable medium storing a set of instructions" as recited in the claim may be reasonably 
interpreted as being not limited to computer readable storage media, for example, as 
referred to in Specification (SPEC: Para [0076], Page 25 Line 5 - 7) as being intended 
to include communication media that include carrier ware signals that 'bear" instructions 
as claimed. Such embodiments of the "manufacture" claims 30 - 31 and 34 - 35 are 
not computer elements which define structural and functional interrelationships between 
the instructions and the rest of the computer that permit the functionality of the 
instructions to be realized. Thus, for at least this reason, claims 30 - 31 and 34 - 35 
are directed to a non-statutory subject matter as not being tangible and concrete and it 
would not be eligible for patentability because it would be eligible for patentability if a 
practical application was present that produced a useful, concrete and tangible result 
upon execution of the instructions. 
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Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraph of 35 U.S.C. 102 that 
forms the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

8. Claims 1 -3, 6, 9, 13, 14, 16-18, 21, 24, 28, 30, 32 and 34 are rejected under 
35 U.S.C. 102(e) as being anticipated by Grootwassink (U.S. Patent 7,031,705). 

As per claim 1 and 30, Grootwassink teaches a method comprising: 
performing, in a service access provider, operations including: 
receiving an access request from a client access device (Grootwassink: Column 
5 Line 35 - 47), the access request requesting access to a network, wherein a user 
associated with the client access device is a subscriber of a second service access 
provider (Grootwassink: Column 2 Line 47 - 67: a HLR is qualified as a second service 
access provider while a VLR as a first service access provider); 

establishing a communications link with the client access device to authenticate 
and authorize the user (Grootwassink: Column 2 Line 47 - 67); 

receiving client device configuration data from the client access device over the 
communications link during an authentication and authorization exchange (Column 5 
Line 35 - 47, Column 2 Line 63 - 67 / Line 48 - 62 and Column 5 Line 3-10: 
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Examiner notes the broadest and reasonable claim interpretations are made, according 
to MPEP 2111, such that a registration information is interpreted as a part of the device 
configuration data); 

transmitting the client device configuration data destined for the second service 
access provider, wherein the second service access provider is operable to process the 
client device configuration data (Grootwassink: Column 2 Line 47 - 67); and 

selectively granting the client access device access to the network based upon 
the client device configuration data (Grootwassink: Column 2 Line 43 - 54 / Line 63 - 
67); and 

receiving an indication about whether the client access device is granted access 
to the network, the indication originating from the second service access provider 
(Grootwassink: Column 2 Line 63 - 67 and Column 3 Line 2-4: the grant indication 
originating from the HLR (i.e. the second service access provider) and accessing the 
network via the VLR of the local network). 

As per claim 16, Grootwassink teaches a system to verify configuration data of a 
client access device requesting access to a network, the system comprising: 

a first service access provider (Grootwassink: Column 2 Line 33 - 46: a VLR is 
qualified as as a first service access provider), coupled to a network, to establish a 
communications link to the client access device to receive, from the client access 
device, authentication information for a user associated with the client access device 
(Grootwassink: Column 5 Line 35 - 47 and Column 2 Line 63 - 67) and to receive the 
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configuration data from the client access device over the communications link during an 
authentication and authorization exchange (Grootwassink: Column 5 Line 35 - 47, 
Column 2 Line 63 - 67 / Line 48 - 62 and Column 5 Line 3-10: Examiner notes the 
broadest and reasonable claim interpretations are made, according to MPEP 21 1 1, 
such that a registration information is interpreted as a part of the device configuration 
data); and 

a second service access provider to receive the authentication information and 
the configuration data from the first service access provider, to process the 
configuration data, and to selectively grant the client access device access to the 
network based upon the configuration data (Grootwassink: Column 2 Line 63 - 67 and 
Column 3 Line 2-4: the grant indication originating from the HLR (i.e. the second 
service access provider) and accessing the network via the VLR of the local network). 

As per claim 32 and 34, Grootwassink teaches a method to manage access to a 
network from a client access device, the method comprising: 

requesting access to the network, the requesting involving a first service access 
provider and a second service access provider (Grootwassink: Column 5 Line 35-47 
and Column 2 Line 33 - 67: a HLR is qualified as a second service access provider 
while a VLR as a first service access provider); 

authenticating a user associated with the client access device in an 
authentication and authorization exchange, wherein the user is a subscriber of the 
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second service access provider (Grootwassink: Column 5 Line 35 - 47 and Column 2 
Line 33 - 67: the user is a subscriber of the HLR); 

communicating client device configuration data to the second service access 
provider via the first service access provider (Grootwassink: Column 5 Line 35 - 47, 
Column 2 Line 63 - 67 / Line 48 - 62 and Column 5 Line 3-10: Examiner notes the 
broadest and reasonable claim interpretations are made, according to MPEP 2111, 
such that a registration information is interpreted as a part of the device configuration 
data); 

receiving a verification response from the second service access provider via the 
first service access provider (Grootwassink: Column 2 Line 63 - 67: the indication 
originating from the HLR (i.e. the second service access provider)); and 

if the user is authenticated and the verification response from the second service 
access provider indicates acceptance of the client device configuration data, accessing 
the network via the first service provider (Grootwassink: Column 2 Line 63 - 67 and 
Column 3 Line 2-4: the grant indication originating from the HLR (i.e. the second 
service access provider) and accessing the network via the VLR of the local network). 

As per claim 2 and 17, Grootwassink teaches processing the client device 
configuration data includes determining if the client device configuration data meets 
predetermined security requirements (Grootwassink: Column 2 Line 63 - 67). 
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As per claim 3 and 18, Grootwassink teaches determining if the client device 
configuration data meets predetermined security requirements includes comparing the 
client device configuration data with reference configuration data (Grootwassink: 
Column 2 Line 63 -67). 

As per claim 6 and 21 , Grootwassink teaches the establishing of the 
communications link with the client access device includes, communicating an agent to 
the client access device, the agent operable to identify the client device configuration 
data and to communicate the client device configuration data to a server of the network 
(Grootwassink: Column 2 Line 47 - 67 and Column 5 Line 6-10: the VLR 
communicates the client configuration data with the HLR). 

As per claim 9 and 24, Grootwassink teaches the establishing of the 
communications link with the client access device includes communicating a command 
set, which includes at least one command, to the client access device, the command 
set operable to identify the client device configuration data and to communicate the 
client device configuration data to a server of the network (Grootwassink: Column 2 
Line 47 - 67 and Column 5 Line 6 - 1 0: a command set, for example, is to find out the 
wireless unit's identification (or registration information)). 
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As per claim 13 and 28, Grootwassink teaches after establishing communications 
with the client access device, authenticating a user associated with the client access 
device (Grootwassink: Column 2 Line 47 - 67 and Column 5 Line 6-10). 

As per claim 14, Grootwassink teaches authenticating the user includes verifying 
user login information associated with the user attempting access to the network 
(Grootwassink: Column 2 Line 20 - 25 and Column 5 Line 6-10). 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

9. Claims 4, 5, 7, 8, 10- 12, 15, 19, 20, 22, 23, 25 - 27, 29, 31 , 33 and 35 are 
rejected under 35 U.S.C. 103(a) as being unpatentable over Grootwassink (U.S. Patent 
7,031,705), in view of Albert et al. (U.S. Patent 2003/0177389). 

As per claim 4 and 19, Grootwassink does not disclose expressly the second 
service access provider is further operable to update the client device configuration 
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data if the client device configuration data fails to meet the predetermined security 
requirements. 

Albert teaches the second service access provider is further operable to update 
the client device configuration data if the client device configuration data fails to meet 
the predetermined security requirements (Albert: Para [0066], [0025], [0072] and [0085] 
- [0098] & Figure 3: the corporate security policies that are predefined and assigned to 
the user are typically downloaded to the user's device from an integrity server). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Albert within the system of 
Grootwassink because (a) Grootwassink teaches providing a security validation for a 
roamer including personal communication service (PCS) units in a wireless network 
(Grootwassink : Column 1 Line 25 - 28 / Line 34 - 40 and Column 2 Line 6-10) and 
(b) Albert teaches providing enhanced authenticating method by using the security 
enforcement module that applies access security policy for regulating access at a client 
device including mobile computer users in a wireless network (Albert: Para [0008] Line 
4 -13 and Para [0024]). 

As per claim 5 and 20, Grootwassink as modified teaches selectively granting the 
client access device access to the network includes, denying access to the network if 
the client device configuration data is not updated (Albert: [0066] & Figure 3: the last 
sentence). 
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As per claim 7 and 22, Grootwassink does not disclose expressly if after the 
processing of the client device configuration data the client device configuration data 
requires an update, using the agent to update the client access device with updated 
configuration data. 

Albert teaches if after the processing of the client device configuration data the 
client device configuration data requires an update, using the agent to update the client, 
access device with updated configuration data (Albert: Para [0066], [0025], [0072] and 
[0085] - [0098] & Figure 3: the corporate security policies that are predefined and 
assigned to the user are typically downloaded to the user's device from an integrity 
server). 

Same rationale of combination applies herein as above in rejecting the claim 2. 

As per claim 8 and 23, Grootwassink as modified teaches after updating the 
client access device, receiving an update result indicator from the agent to confirm that 
the configuration of the client access device has been updated (Albert: Para [0072]). 

As per claim 10 and 25, Grootwassink does not disclose expressly if after the 
processing of the client device configuration data the client device configuration data 
requires an update, using the command set to update the client access device with 
updated configuration data. 

Albert teaches if after the processing of the client device configuration data the 
client device configuration data requires an update, using the command set to update 
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the client access device with updated configuration data (Albert: Para [0066], [0025], 
[0072] and [0085] - [0098] & Figure 3: the corporate security policies that are 
predefined and assigned to the user are typically downloaded to the user's device from 
an integrity server). 

Same rationale of combination applies herein as above in rejecting the claim 2. 

As per claim 1 1 and 27, Grootwassink as modified teaches the command set 
further includes a first command set to identify and communicate the client device 
configuration data to the server (Grootwassink: Column 2 Line 47 - 67 and Column 5 
Line 6 - 10: a command set, for example, is to find out the wireless unit's identification 
(or registration information)), and a second command set to update the client access 
device with the updated configuration data ((Albert: Para [0066], [0025], [0072] and 
[0085] - [0098] & Figure 3: the corporate security policies that are predefined and 
assigned to the user are typically downloaded to the user's device from an integrity 
server). 

As per claim 12 and 26, Grootwassink as modified teaches after updating the 
client access device, receiving an update result indicator from the client access device 
to confirm that the configuration of the client access device has been updated (Albert: 
Para [0096] - [0098] & Figure 3). 
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As per claim 15, 29 and 31, Grootwassink does not disclose expressly the client 
device configuration data includes at least one of virus definition data, firewall 
configuration data, and operating system configuration data. 

Albert teaches the client device configuration data includes at least one of virus 
definition data, firewall configuration data, and operating system configuration data 
(Albert: Para [0090]: a message sent by the of client security module is a "firewall" 
event control related configuration data) 

Same rationale of combination applies herein as above in rejecting the claim 2. 

As per claim 33 and 35, Grootwassink does not disclose expressly prior to 
receiving a verification response, updated configuration data is received from the 
network access system to replace the client device configuration data. 

Albert teaches prior to receiving a verification response, updated configuration 
data is received from the network access system to replace the client device 
configuration data (Albert: Para [0066] Para [0097] and [0098]: the integrity server 
updates and installs the security policies on the client device and may deny the client's 
access to the network if the required security policy or module is not subsequently 
activated by the client device). 

Same rationale of combination applies herein as above in rejecting the claim 2. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788. 
The examiner can normally be reached on Monday-Friday 8:00am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Patent Examiner 
Art Unit 2131 
2/8/2007 



